Fix JWT Token Refresh

jmoldow · jmoldow · commit a65026d3da2b · 2017-07-25T23:59:43.000-07:00
Fixes #197 in v1.5. Cherry picked from master branch (v2.0.0). (cherry picked from commit e5149f6)
diff --git a/boxsdk/auth/jwt_auth.py b/boxsdk/auth/jwt_auth.py
@@ -193,6 +193,7 @@ def _refresh(self, access_token):
         """
         # pylint:disable=unused-argument
         if self._user_id is None:
-            return self.authenticate_instance()
+            new_access_token = self.authenticate_instance()
         else:
-            return self._auth_with_jwt(self._user_id, 'user')
+            new_access_token = self._auth_with_jwt(self._user_id, 'user')
+        return new_access_token, None
diff --git a/boxsdk/auth/oauth2.py b/boxsdk/auth/oauth2.py
@@ -203,14 +203,13 @@ def refresh(self, access_token_to_refresh):
             # The lock here is for handling that case that multiple requests fail, due to access token expired, at the
             # same time to avoid multiple session renewals.
             if (access_token is None) or (access_token_to_refresh == access_token):
-                # If the active access token is the same as the token needs to
+                # If the active access token is the same as the token that needs to
                 # be refreshed, or if we don't currently have any active access
                 # token, we make the request to refresh the token.
-                return self._refresh(access_token_to_refresh)
-            else:
-                # If the active access token (self._access_token) is not the same as the token needs to be refreshed,
-                # it means the expired token has already been refreshed. Simply return the current active tokens.
-                return access_token, refresh_token
+                access_token, refresh_token = self._refresh(access_token_to_refresh)
+            # Else, if the active access token (self._access_token) is not the same as the token needs to be refreshed,
+            # it means the expired token has already been refreshed. Simply return the current active tokens.
+            return access_token, refresh_token
 
     @staticmethod
     def _get_state_csrf_token():
